Using the identification file is not necessary if all your keys are stored in the default directory and you allow all of them to be used for public-key and/or certificate authentication. If the identification file does not exist, the Connection Broker attempts to use each key found in the default directory. If the identification file exists, the keys listed in it are attempted first.

Specify the private key of your software certificate in the $HOME/.ssh2/identification file (the CertKey option works identically with the IdKey option):